Added check for ownerId on file download

src/main/java/it/inaf/ia2/transfer/controller/FileInfo.java

@@ -8,6 +8,7 @@ public class FileInfo {
     private boolean isPublic;
     private List<String> groupRead;
     private List<String> groupWrite;
+    private String ownerId;
     private boolean asyncTrans;
 
     public String getOsRelPath() {
@@ -42,6 +43,14 @@ public class FileInfo {
         this.groupWrite = groupWrite;
     }
 
+    public String getOwnerId() {
+        return ownerId;
+    }
+
+    public void setOwnerId(String ownerId) {
+        this.ownerId = ownerId;
+    }
+
     public boolean isAsyncTrans() {
         return asyncTrans;
     }

src/main/java/it/inaf/ia2/transfer/controller/GetFileController.java

@@ -64,10 +64,18 @@ public class GetFileController {
     }
 
     private boolean privateButDownloadable(FileInfo fileInfo) {
-        String token = ((TokenPrincipal) request.getUserPrincipal()).getToken();
+
+        TokenPrincipal principal = (TokenPrincipal) request.getUserPrincipal();
+
+        String token = principal.getToken();
         if (token == null) {
             return false;
         }
+
+        if (principal.getName().equals(fileInfo.getOwnerId())) {
+            return true;
+        }
+
         // TODO: configure cache
         if (fileInfo.getGroupRead() == null) {
             return false;

src/main/java/it/inaf/ia2/transfer/persistence/FileDAO.java

@@ -25,7 +25,7 @@ public class FileDAO {
 
     public Optional<FileInfo> getFileInfo(String virtualPath) {
 
-        String sql = "select os_path, is_public, group_read, group_write, async_trans from\n"
+        String sql = "select os_path, is_public, group_read, group_write, owner_id, async_trans from\n"
                 + "node n join node_path p on n.node_id = p.node_id\n"
                 + "and vos_path = ?";
 
@@ -40,6 +40,7 @@ public class FileDAO {
                 fi.setIsPublic(rs.getBoolean("is_public"));
                 fi.setGroupRead(toList(rs.getArray("group_read")));
                 fi.setGroupWrite(toList(rs.getArray("group_write")));
+                fi.setOwnerId(rs.getString("owner_id"));
                 fi.setAsyncTrans(rs.getBoolean("async_trans"));
                 return fi;
             }

src/test/java/it/inaf/ia2/transfer/controller/GetFileControllerTest.java

@@ -130,4 +130,36 @@ public class GetFileControllerTest {
 
         when(fileDao.getFileInfo(any())).thenReturn(Optional.of(fileInfo));
     }
+
+    @Test
+    public void getPrivateFileByOwnerId() throws Exception {
+
+        Map<String, Object> claims = new HashMap<>();
+        claims.put("sub", "123");
+
+        when(tokenParser.getClaims(any())).thenReturn(claims);
+
+        FileInfo fileInfo = new FileInfo();
+        fileInfo.setOsRelPath(tempFile.getAbsolutePath());
+        fileInfo.setOwnerId("123");
+
+        when(fileDao.getFileInfo(any())).thenReturn(Optional.of(fileInfo));
+
+        mockMvc.perform(get("/path/to/myfile")
+                .header("Authorization", "Bearer: <token>"))
+                .andDo(print())
+                .andExpect(status().isOk());
+    }
+
+    @Test
+    public void testPrivateFileNullToken() throws Exception {
+
+        FileInfo fileInfo = new FileInfo();
+
+        when(fileDao.getFileInfo(any())).thenReturn(Optional.of(fileInfo));
+
+        mockMvc.perform(get("/path/to/myfile"))
+                .andDo(print())
+                .andExpect(status().isUnauthorized());
+    }
 }